Sample details: 260928d37d76c632acb35c72446eded4

Hashes
MD5: 260928d37d76c632acb35c72446eded4
SHA1: 6288feb17beab52def0a15ecf6ccb0c82b46824c
SHA256: 3fdf29cbb7fef9f55fbce88bee3d77a1dbc7af45b81ebee4f4ec0da1500807d5
SSDEEP: 12288:S9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZK3/XvU:+iBIGkbxqEcjsWiDxguehC2+/
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPXProtectorv10x2 | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/System_Tools | YRP/Browsers | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/ThreadControl__Context | YRP/disable_antivirus | YRP/inject_thread | YRP/hijack_network | YRP/create_service | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_http | YRP/network_dropper | YRP/network_tcp_socket | YRP/network_dns | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/sniff_audio | YRP/spreading_share | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/MD5_Constants | YRP/Delphi_Random | YRP/Delphi_FormShow | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | YRP/UPX | YRP/suspicious_packer_section | YRP/DarkComet_1 | YRP/DarkComet_3 | YRP/DarkComet_4 | FlorianRoth/RAT_DarkComet | KevTheHermit/DarkComet | BAMFDetect/DarkComet |
Strings
0123456789ABCDEF
MS Sans Serif
0123456789abcdef
E`E`E`E`E`E`E`E`E`E`E`E`E`E`E`E`E
E`E`E`E`E`E`E`E`
dElElElElElElElEl
 deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly 
invalid distance too far back
invalid distance code
invalid literal/length code
incorrect header check
unknown compression method
invalid window size
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
 inflate 1.2.3 Copyright 1995-2005 Mark Adler 
								
server
UntKeylogger
UntMain
)UntDownloaderThread
UntSinInfo
UntCore
UntVars
UntRDPThread
UTypes
SysInit
System
UntDisableAero
KWindows
ZLibEx
^Classes
SysConst
"RTLConsts
sActiveX
3Messages
QTypInfo
SysUtils
ImageHlp
CVariants
$VarUtils
+Graphics
Consts
8Registry
IniFiles
WinSock
+UntAsyncTask
hUntSendStream
RUntRC4
UntActivePorts
TlHelp32
UntSoundCaptureThread
GMMSystem
KACMConvertor
[ACMIn
bListUnit
UntMainConnectionThread
+UntScreenCapture
7UntInputsControls
UntRemoteDesktop
UntResizePic
"GDIPUTIL
,GDIPOBJ
GDIPAPI
DirectDraw
*ShellAPI
UntControlKey
GMD5Api
=MD5Core
)UntRemoteShell
mUntSendDataFluxThread
UntKeepAlive
NUntPluginsData
8DLLMemory
"UntIPUtils
IUntSocks5
UntCaptureWebcam
UntWebCam
`VFrames
SyncObjs
VSample
ADirectShow9
FComObj
qComConst
yDirect3D9
DXTypes
DirectSound
dUntSearchThread
CryptApi
(ShlObj
UrlMon
?WinInet
RegStr
CommCtrl
untstartup
(UntUploadFTPThread
UntFTP
UntRemoteUtils
|afxCodeHook
UntQuickTransferThread
2UntDCSettingsReader
aUntWIFI
7nduWlanTypes
nduCType
nduWlanAPI
nduEapTypes
=nduWinNT
nduWinDot11
:nduNtDDNdis
nduL2cmn
DUntScreenThumb
UntReceiveDataFluxThread
UntSendFileThread
 UntFWB
TSHFolder
UntReceiveFileThread
_UntUDPFlood
dUntSynFlood
YUntScanPorts
xUSock
UntRPCScan
UntInfections
iUntProcess
UntServices
WinSvc
UntFun
0UntPasswordAndData
UntMClipboard
Clipbrd
CUxTheme
DwmApi
5Themes
&Controls
EActnList
vMenus
ImgList
Contnrs
MultiMon
StdActns
YStrUtils
Dialogs
RHelpIntfs
WideStrUtils
ExtCtrls
GraphUtil
dStdCtrls
Printers
WWinSpool
3CommDlg
FlatSB
(UntBot
UntMSN
cMessengerAPI_TLB
StdVCL
OleServer
OleConst
UntMsConfig
UntWindowManager
UntRegEdit
UntNetShareLister
XUntHTTPFlood
UntCPU
0UntMiscFunc
untFunctions
Sockets
UntRootKit
UntServerReader
UntAntiSB
lstrcpyA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerLanguageNameA
UnmapViewOfFile
TerminateProcess
SizeofResource
SetThreadPriority
SetThreadLocale
SetThreadContext
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetThreadContext
GetTempPathA
GetSystemPowerStatus
GetSystemDirectoryA
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumResourceNamesA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetACP
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
LookupAccountSidA
IsValidSid
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetCurrentHwProfileA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
capGetDriverDescriptionA
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
Netbios
NetApiBufferFree
NetShareGetInfo
NetShareEnum
NtUnmapViewOfSection
NtQuerySystemInformation
CoTaskMemFree
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
CoTaskMemFree
StringFromCLSID
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
GetActiveObject
SysFreeString
SysFreeString
SysReAllocStringLen
SysAllocStringLen
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
SHEmptyRecycleBinA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA
URLDownloadToFileA
CreateWindowExA
mouse_event
keybd_event
WindowFromPoint
WaitMessage
VkKeyScanA
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LockWorkStation
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplayDevicesA
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
EnumDisplayMonitors
GetMonitorInfoA
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
FtpPutFileA
waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
PlaySoundA
mciSendStringA
WSAIoctl
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
select
listen
ioctlsocket
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
KERNEL32.DLL
advapi32.dll
AVICAP32.DLL
comctl32.dll
gdi32.dll
gdiplus.dll
msacm32.dll
netapi32.dll
ntdll.dll
ole32.dll
oleaut32.dll
shell32.dll
SHFolder.dll
URLMON.DLL
user32.dll
version.dll
wininet.dll
winmm.dll
WS2_32.DLL
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
IsValidSid
capGetDriverDescriptionA
ImageList_Add
SaveDC
GdipFree
acmStreamSize
Netbios
NtUnmapViewOfSection
NtQuerySystemInformation
IsEqualGUID
VariantCopy
ShellExecuteA
SHGetFolderPathA
URLDownloadToFileA
VerQueryValueA
FtpPutFileA
waveInOpen
WSAIoctl